From: Peter Maydell <peter.maydell@linaro.org>
To: "Daniel P. Berrangé" <berrange@redhat.com>
Cc: QEMU Developers <qemu-devel@nongnu.org>, P J P <ppandit@redhat.com>
Subject: Re: About 'qemu-security' mailing list
Date: Mon, 14 Sep 2020 10:30:14 +0100 [thread overview]
Message-ID: <CAFEAcA8Mgtt484Jf2rLzS8BpNHiGHpDbYQ8QhGkdfoO1ZP79fQ@mail.gmail.com> (raw)
In-Reply-To: <20200914085458.GA1252186@redhat.com>
On Mon, 14 Sep 2020 at 09:55, Daniel P. Berrangé <berrange@redhat.com> wrote:
> Do we think the current QEMU security process is working well for the
> community as a whole in terms of our downstream consumers learning about
> security flaws in an appropriate timeframe and manner ?
That sounds like a question we should be asking our distro contacts,
not guessing at amongst ourselves :-)
Personally, my view is that our current security process is
absolutely useless for anybody who isn't either (a) a distro
(b) using their distro's packaged QEMU (c) big enough to
effectively be acting as their own distro by tracking CVE
announcements and applying patches by hand -- because we don't
produce timely new upstream releases with security fixes.
So unless we want to change that, I think the key question
is "does this process work for the distros?", and I'm happy
if we make adjustments to fix whatever their problems with it
might be.
thanks
-- PMM
next prev parent reply other threads:[~2020-09-14 9:31 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-11 14:20 About 'qemu-security' mailing list P J P
2020-09-11 15:27 ` Li Qiang
2020-09-11 15:40 ` Alexander Bulekov
2020-09-11 15:58 ` Alexander Bulekov
2020-09-18 7:33 ` P J P
2020-09-11 15:47 ` Daniel P. Berrangé
2020-09-11 15:51 ` Peter Maydell
2020-09-14 7:38 ` Philippe Mathieu-Daudé
2020-09-14 10:17 ` Stefan Hajnoczi
2020-09-14 8:54 ` Daniel P. Berrangé
2020-09-14 9:30 ` Peter Maydell [this message]
2020-09-14 10:15 ` Stefan Hajnoczi
2020-09-15 10:48 ` P J P
2020-09-16 11:10 ` Stefan Hajnoczi
2020-09-16 12:33 ` Peter Maydell
2020-09-16 13:06 ` Daniel P. Berrangé
2020-09-16 13:25 ` Thomas Huth
2020-09-16 13:30 ` Daniel P. Berrangé
2020-09-18 7:02 ` P J P
2020-09-30 11:46 ` P J P
2020-09-30 15:48 ` Darren Kenny
2020-10-01 10:35 ` P J P
2020-10-01 11:34 ` Darren Kenny
2020-10-01 13:57 ` Konrad Rzeszutek Wilk
2020-10-01 18:17 ` P J P
2020-10-16 14:17 ` P J P
2020-10-20 14:08 ` P J P
2020-11-03 11:18 ` P J P
2020-11-17 14:46 ` Stefan Hajnoczi
2020-11-17 16:19 ` Stefan Hajnoczi
2020-11-17 16:35 ` Daniel P. Berrangé
2020-11-18 10:32 ` P J P
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFEAcA8Mgtt484Jf2rLzS8BpNHiGHpDbYQ8QhGkdfoO1ZP79fQ@mail.gmail.com \
--to=peter.maydell@linaro.org \
--cc=berrange@redhat.com \
--cc=ppandit@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.